Government ignores Personal Internet Security

At the end of last week the Government published their response to the House of Lords Science and Technology Committee Report on Personal Internet Security. The original report was published in mid-August and I blogged about it (and my role in assisting the Committee) at that time.

The Government has turned down pretty much every recommendation. The most positive verbs used were “consider” or “working towards setting up”. That’s more than a little surprising, because the report made a great deal of sense, and their lordships aren’t fools. So is the Government ignorant, stupid, or in the thrall of some special interest group?

On balance I think it starts from ignorance.

Some of the most compelling evidence that the Committee heard was at private meetings in the USA from companies such as Microsoft, Cisco, Verisign, and in particular from Team Cymru, who monitor the “underground economy”. I don’t think that the Whitehall mandarins have heard these briefings, or have bothered to read the handful of published articles such as this one in ;login, or this more recent analysis that will appear at CCS next week. If the Government was up-to-speed on what researchers are documenting, they wouldn’t be arguing that there is more crime solely because there are more users — and they could not possibly say that they “refute the suggestion […] that lawlessness is rife”.

However, we cannot rule out stupidity.

Some of the Select Committee recommendations were intended to address the lack of authoritative data — and these were rejected as well. The Government doesn’t think its urgently necessary to capture more information about the prevalence of eCrime; they don’t think that having the banks collate crime reports gets all the incentives wrong; and they “do not accept that the incidence of loss of personal data by companies is on an upward path” (despite there being no figures in the UK to support or refute that notion, and considerable evidence of regular data loss in the United States).

The bottom line is that the Select Committee did some “out-of-the-box thinking” and came up with a number of proposals for measurement, for incentive alignment, and for bolstering law enforcement’s response to eCrime. The Government have settled for complacency, quibbling about the wording of the recommendations, and picking out a handful of the more minor recommendations to “note” to “consider” and to “keep under review”.

A whole series of missed opportunities.

8 thoughts on “Government ignores Personal Internet Security

  1. Whilst i agree that there we some missed oppertunities a lot of work is being done around the privacy and consent of personal data by the UK government. The technology Startegy Board, EPSRC and ESRC are funding around £10m to look at these very issues. So not all bad news. Have a look at the blog http://networksecurityip.wordpress.com

  2. @Richard,

    “So is the Government ignorant, stupid, or in the thrall of some special interest group?”

    I would disagre with Ignorant, there have been way to many Gov IT projects going wrong for any Gov Minister to plead Ignorance.

    Although Stupidity is what the person on the street is likley to say, again it is very unlikley that to get to ministerial level that you are a stupid person.

    Which leaves your “Special Interest Group”, I would prefere to say “Vested Interest Groups”. Marketing is one of the largest businesses in the world and limiting their raw resource (peoples info) is an absolut anathma to them. So that group alone is going to apply considerable presure via the usual routes. Likewise a number of high tech organisations want to get as much access to personal info as possible for other probably less benign reasons (at the least think of “employee reliability” checks etc).

    However you did leave out two other reasons which are “Indiferance” and “Political Charecter assasination”.

    Most Whitehall mandarins do not give a stuff about personal privercy. In fact just about every Elected Gov since the second world war has been presented with reasons why the U.K. should have ID Cards and other Databases of information. It was not untill the current incumbrents came to power that they so willingly swallowed the hook (and also used it as a way to avoid bankruptcy of the Labour Party).

    What is so surprising is the likes of Jack Straw who in a previous government actually went trawling after National Insurance records on various people for purley political reasons is so keen on makeing large DBs of as much personal info as possible (unless he is still up to his old tricks). Likewise why is the Mayor of London via TfL so keen on collecting any data on people and reserving the right to make it available to whom so ever they think fit including Journolists (see TfL’s entries with the Data Protection Registra). “Uncle Ken” has actually been given a very derogatory award (Big Brother 2003) by Privacy International for these activities,

    http://www.privacyinternational.org/bigbrother/uk2003/

    Oh and David Blunkett got a “lifetime menace” award.

  3. I am bummed. I actually pumped my fist and said “yes!!” when I heard a presentation from one of the members of the House of Lords describing these (then upcoming) recommendations.

    Guess it was too good to be true.

  4. The government response actually says “we would refute the suggestion that the public has lost confidence in the internet and that lawlessness is rife”.

    Assuming “would refute” is intended to mean “disagree with”, this straw-man suggestion is compound and includes “the public has lost confidence in the internet”, which they clearly have not, so the response is strictly correct.

    HMG often plays this game. From their viewpoint, there is little point in spending money on an issue that the public is unaware of, so equivocation is the best policy.

  5. Some of the public have lost confidence…

    The best measure we have is the Oxford Internet Survey. The 2007 figures show “ex-users” at 5% and of those 21% cite “worried about your privacy” as a reason for stopping using the Internet and 18% cite “had bad experiences with spam or viruses”.

    Interestingly 81% of ex-users and 65% of users agree with the statement “people who go on the Internet put their privacy at risk”. This may be connected with 34% reporting they had “received a virus onto their computer”, 9% had “bought something that had been mispresented on a website” and 2% had had “credit card details stolen via use on the Internet” (figures relating to receiving spam/phishing etc are high, but considerably down on 2003/2005 … ISP filters are better).

  6. The Government have settled for complacency, quibbling about the wording of the recommendations, and picking out a handful of the more minor recommendations to ‘note’ to ‘consider’ and to keep under review.

  7. Like pretty much all the government does, its people who don’t know what they are doing running something technical. Be it in health, IT, transport or the environment.

    Personally think this is another lovely example of why professionals need to be brought in who know what they are doing.

  8. but by using professionals know it alls the government wasting tax payers money again, people may assume lawlessness is rife on the internet but it wost on the uk streets.

Leave a Reply

Your email address will not be published. Required fields are marked *